﻿/*
 * 名称：微软xss预防组件封装
 * 修改说明：
 * 序号---时间---作者---修改内容
 * 1---2012-2-27 22:38:57---胡文斌---新增文件
 */

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.Security.Application;

namespace dwz4net.helper
{
    public class XssProtect
    {
        /// <summary>
        /// 过滤html中的敏感字符
        /// </summary>
        /// <param name="inputHtml"></param>
        /// <returns></returns>
        public static string InputHtmlFilter(string inputHtml)
        {
            return Sanitizer.GetSafeHtmlFragment(inputHtml);
        }

        /// <summary>
        /// 对输出的html进行编码
        /// </summary>
        /// <param name="inputHtml"></param>
        /// <returns></returns>
        public static string HtmlEncode(string inputHtml)
        {
            return Microsoft.Security.Application.Encoder.HtmlEncode(inputHtml);
        }

        /// <summary>
        /// 对输出的javascript进行编码
        /// </summary>
        /// <param name="inputJs"></param>
        /// <returns></returns>
        public static string JavaScriptEncode(string inputJs)
        {
            return Microsoft.Security.Application.Encoder.JavaScriptEncode(inputJs);
        }

        /// <summary>
        /// 对输出的css进行编码
        /// </summary>
        /// <param name="inputHtml"></param>
        /// <returns></returns>
        public static string CssEncode(string inputHtml)
        {
            return Microsoft.Security.Application.Encoder.CssEncode(inputHtml);
        }

        /// <summary>
        /// 对输出的url进行编码
        /// </summary>
        /// <param name="inputHtml"></param>
        /// <returns></returns>
        public static string UrlEncode(string inputHtml)
        {
            return Microsoft.Security.Application.Encoder.UrlEncode(inputHtml);
        }

        /// <summary>
        /// 对输出的html属性进行编码
        /// </summary>
        /// <param name="inputHtml"></param>
        /// <returns></returns>
        public static string HtmlAttributeEncode(string inputHtml)
        {
            return Microsoft.Security.Application.Encoder.HtmlAttributeEncode(inputHtml);
        }

        /// <summary>
        /// 对输出的form 表单提交的url进行编码
        /// </summary>
        /// <param name="inputHtml"></param>
        /// <returns></returns>
        public static string HtmlFormUrlEncode(string inputHtml)
        {
            return Microsoft.Security.Application.Encoder.HtmlFormUrlEncode(inputHtml);
        }
    }
}
